Interesting. Just took a look at it, so far so easy lol. The login box is a piece of cake. Perhaps you should check how it verifies the codes.
That was actually a very nice tip
Lol. All this obfuscation and all you had to do was call a function
Took me about 30 minutes to figure that out. Should have been less.
never mind my previous comment… how does one create spoiler text?
[spoiler] Text to hide [/spoiler]
It isn’t that hard ^.^
Here’s how:
When we go to register, we can see that it asks for an invite code…
Let’s see the source:
Uhmm… This one seems interesting, when we enter it we get:
Ohh, obfuscated…
I’ll use jsbeautifier.org:
So, there are two functions, one to check, and one to generate!
We’ll focus on the generate one…
So it creates a request of type POST to: https://www.hackthebox.gr/api/invite/generate…
With this in Postfields: dataType=json
Awesome, let’s try to send a request like that and see the result…
We got a code!
Let’s decode that base64:
HQDRA-HDMXN-WRZEC-RCEYA-XURMM
And here we go, we got our registration code…
Hope it helped, if you got stuck in the registration of course!
Hi,
I am not able to generate the code. I found the function and executed it in the console. But it always gives me the error - ‘In order to generate the invite code, make a POST request to /api/invite/generate’
Can anyone help?
In the function it’s taking the url as ‘url: ‘/api/invite/how/to/generate’’. But I am getting the error message as above.
- Use Hackbar (a Mozilla add-on), which I think you will like…
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Or, just a programming language… (JavaScript used as an example…)
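    function send_post() {
        var url = "https://www.hackthebox.gr/api/invite/generate";
        // Form-encoded body; passing a plain object to send() would transmit "[object Object]".
        var postdata = "dataType=json";
        var request = new XMLHttpRequest();
        request.open("POST", url, true); // true = asynchronous
        request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        // Attach the handler before sending so no state change is missed.
        request.onreadystatechange = function () {
            if (request.readyState == 4) { // 4 = DONE
                var response = JSON.parse(request.responseText);
                var encrypted = response.data.code;
                var format = response.data.format;
                var decrypted;
                if (format == "encoded") {
                    // The code is base64-encoded, not encrypted; atob() decodes it.
                    decrypted = atob(encrypted);
                } else {
                    decrypted = encrypted;
                }
                alert(decrypted);
            }
        };
        request.send(postdata);
    }
    send_post();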
Run it in the console, and you will get your registration code!
After getting access to hackthebox I saw some interesting challenges. If I have success with some, I’ll expose it here.
I think you should read the rules for members creating tutorials on exploiting machines in the network. It ain’t friendly
Well, look at that, our sergeant is still alive!
It has been a while, old friend. Where did you go?
I’m always around watching you and watching them. A lot of personal work, busy revamping my old website and learning a lot so pretty occupied lately.
Was easy to crack the login haha, but must try
IP: 10.10.10.6
Hostname: Popcorn
WalkThrough Video:
http://www.mediafire.com/file/j2dl6c6d62c7qlr/popcorn_user.rar
Compressed With Winrar
I would strongly recommend uploading to YouTube, or Vimeo, or even to 0x0.st, so that people can stream it.
I have a bad net, 512 kb/s, so if anyone can do that I’ll edit my post. I am so sorry!
I’m uploading it on vid.me because I don’t have YouTube and Vimeo doesn’t accept custom emails. I will edit this post when it is done!
EDIT: @DamaneDz, there is the video: https://vid.me/wLa3
I’m glad to see so many people having fun with this. I know I am. I created this thread before I read the rules regarding discussing the lab. Too late now.
Please don’t post solutions / walkthroughs.
I STRONGLY recommend everyone to read this: https://www.hackthebox.eu/en/home/rules
Especially Rule 7.
I think it’s not fair to participate in such an awesome learning experience, that is - on top of that - offered for FREE and then shit all over their rules.
EDIT:
@thomaslnx @DamaneDz @pry0cc